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investigations,  and  supporting  the  development  of  information  systems-based 
products  internationally. 
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“  When  I  started  my  career,  in  the  late  80s,  if  there 
was  a  bank  robbery,  the  pool  of  suspects  was  limited 
to  the  people  who  were  in  the  vicinity  at  the  time. 
Now  when  a  bank  is  robbed  the  pool  of  suspects  is 
limited  to  the  number  of  people  in  the  world  with 
access  to  a  $500  laptop  and  an  internet 
connection...” 


Shawn  Henry,  former  FBI  Executive  Assistant  Director 
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How  has  cybersecurity  changed  over  the  last 
five  years? 


A  few  thoughts  .  .  . 


I.  Nation-State  Involvement 

II.  Complexity  and  Importance  of 
External  Entities 

III.  Greater  Dependency  Every  Day 

IV.  Increasing  Cooperation  (?) 
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Nation-State  Involvement 


The  involvement  of  governments  in  cybersecurity  -  both  from  a 
defensive  and  an  offensive  perspective  -  has  become  much  more 
apparent. 
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Close  look  awaits  NIST  cybersecurity  framework  due  next  month 
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The  defense  industrial  base  is  among  the  critical  infrastructure  identified  by  the  Obama  administration  as  needing  better 
protection  from  cyber  threats.  (Lockheed  Martin) 


More  Headlines 

DHS  awards  work  under  $6B  cyber  contract 

Jan  16.  2014 


2014  spending  bill  funds 
continuous  monitoring 
program 

Jan.  14.  2014 
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Director  of  National  Intelligence  -  March  12,  2013 

U.S.  Intelligence  Community  Worldwide  Threat  Categories 
%  1.  Cyber 

2.  Terrorism  &  transnational 
organized  crime 

3.  WMD  proliferation 

4.  Counterintelligence 

5.  Counterspace 

6.  Insecurity  and  competition 
for  natural  resources 

7.  Health  and  pandemic  threats 

8.  Mass  atrocities 


Statement  for  the  Record 

Worldwide  Threat  Assessment 
of  the 

US  Intelligence  Community 
Senate  Select  Committee  on  Intelligence 


James  R.  Clapper 
Director  of  National  Intelligence 
March  12,  2013 
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Chinese  Hackers  Hit  U.S.  Media 

Wall  Street  Journal,  New  York  Times  Are  Breached  in  Campaign  That  Stretches  Back 
Several  Years 


BySIOBHAN  GORMAN,  DEVLIN  BARRETT  and  DANNY  YADRON 

WASHINGTON — Chinese  hackers  believed  to  have  government  links  have  been 
conducting  wide-ranging  electronic  surveillance  of  media  companies  including  The 
Wall  Street  Journal,  apparently  to  spy  on  reporters  covering  China  and  other  issues, 
people  familiar  with  the  incidents  said. 

Journal  publisher  Dow  Jones  &  Co.  said  Thursday  that  the  paper’s  computer  systems 
had  been  infiltrated  by  Chinese  hackers,  apparently*  tn  mnnitnf  rtn  ry«i^rnsrr^nnp 
New  York  Times  Co.  I  NYT+o.ii%  1  disclosed  Wed 
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Iran  Hacks  Energy  Firms,  U.S.  Says 

Oil-and-Gas,  Power  Companies'  Control  Systems  Believed  to  Be  Infiltrated;  Fear  ofSabotagi 
Potential 


By  SIOBHAN  GORMAN  and  DANNY  YADRON 


WASHINGTON — Iranian-backed  hackers  have  escalated  a  campaign  of 
cyberassaults  against  U.S.  corporations  by  launching  infiltration  and  surveillance 
missions  against  the  computer  networks  running  energy  companies,  according  to 
current  and  former  U.S.  officials. 


In  the  latest  operations,  the  Iranian 
hackers  were  able  to  gain  access  to 
control-system  software  that  could  allow 
them  to  manipulate  oil  or  gas  pipelines. 
They  proceeded  "far  enough  to  worry 
people,"  one  former  official  said. 
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But  are  the  laws  changing  as  needed? 
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Complexity  and  the  Importance  of  External  Entities 


The  protection  and  sustainment  of  assets  that  your  organization 
relies  on  .  .  . 

□  People 

□  Information 

□  Technology 

□  Facilities 

increasingly  depends  on  contracted  and  arms-length  relationships. 


CERT®  Operational  Resilience: 
Manage,  Protect,  and  Sustain 
Twitter  #CERTopRES 
©2013  Carnegie  Mellon  University 


CERT 


Software  Engineering  Institute 


Carnegie  Mellon  University 


March  2011 


Slic  l\)a6liind|ton|)o$t  Politics  Opinions  Local  Sports  National  World  Business  Tech 


Posted  at  04:46  PM  ET,  07/26/2011 


Cyber  attack  on  RSA  cost  EMC  $66  million 

By  Havlev  Tsukavama 


(The  ^'cUf  JJork 


In  its  earnings  call  Tuesday,  EMC 
disclosed  that  it  spent  $66  million 
in  its  second  quarter  to  deal  with  a' 
cyber  attack  that  compromised  its 
^A^curjtyjlhdsii; 


WORLD  U.S.  N.Y./ REGION  BUSINESS  TECHNOLOGY  SCIENCE  HEALTH  SPORTS^ 

Data  Breach  at  Security  Firm  Linked  to  Attack  on 
Lockheed 

By  CHRISTOPHER  DREW  and  JOHN  MARKOFF 
Published:  May  27,  2011 

Lockheed  Martin,  the  nation’s  largest  military  contractor,  has  battled 
disruptions  in  its  computer  netw  orks  this  week  that  might  be  tied  to  a 
hacking  attack  on  a  vendor  that  supplies  coded  security  tokens  to 
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Yesterday  it  would  have  looked  like 


Principles  and  Practice  of 
Modern  Information  Security 


It  would  have 
been  all  about 
IT  and  technical 
controls. 


A  tutorial  delivered  at  the 

ACM  SISSOFT  2000  Eight  International  Symposium  on  the  Foundation  of  Software  Engineering 
November  6-10,  2000,  San  Diego,  California,  USA 


J  cremy 

Advanced  Techno 
Lockheed  Martin  Sy 
1801  Rol 
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Intrusion  Detection 
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Today  it  has  to  be  about ... 


Sample  definition  of  Information  Assurance: 

- 

Measures  thatbrotect  and  defendllinformationland  information  svstemsibv  ensuring  theirlavailabilitvl  Jr 

integrity  Authentication!,  (confidentiality!  and  (non-repudiation!  These  measures  inc!ude  providing  for  ^ 

restoration!  of  information  systems  by  incorporating!protection,  detection,  and  reaction  capabilities]  J 

Sample  definition  of  Information  Assurance: 


Information  assurance  is  related  to  the  field  of  information  security,  in 
that  it  is  primarily  concerned  with  thejprotection  of  information  systems  | 
and  their  contents.  Generally  considered  the  more  broadly- focused  of 
these  two  fields,  lA  consists  more  of  th^  strategic|risk  management  hf 
information  systems  rather  than  the  creation  and  application  of  security 
controls.  In  addition  to  defending  againstimalicious  hackers  hnd  code 
(e.g.,  viruses),  lA  practitioners  consideij  corporate  governance  issues 
such  as|privacyl|regulatory  and  standardsi|:ompliance,  auditing  J  business 
continuity,  and  disaster  recoveryjas  theyrelate  to  information  systems. 
Further,  while  information  security  draws  primarily  from  computer 
science,  lA  is  anlinterdisciplinary'held  requiring  expertise  injaccountingj 
I fraud|examinationJ forensic  Science, [management^cience,  systems 
engineering,  security  engineering,  and  criminology,  in  addition  to 
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Today  it  has  to  deal  with 


and  more  ... 
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S  - 


Managing  the  Supply  Chain  for  ICT  Services 


We  realize  new  business  opportunities,  flexibility, 
and  cost  savings  by  outsourcing  services  .  .  . 


.  .  .  but  how  do  we  manage  the  right 
relationships  and  mitigate  the  resulting  risks  in 
a  reliable  way  over  time? 
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Greater  Dependency  Every  Day 


CYBER 

We  are  in  a  major  transformation  because  our  critical  infrastructures, 
economy,  personal  lives,  and  even  basic  understanding  of — 
and  interaction  with — the  world  are  becoming  more  intertwined  with  digital 
technologies  and  the  internet.  In  some  cases,  the  world  is  applying  digital 
technologies  faster  than  our  ability  to  understand  the  security  implications 

and  mitigate  potential  risks. 


— James  Clapper,  Director  of  National  Intelligence, 
March  2013 
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We  Depend  on  Evolving  Cyber  Ecosystems 
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Intertwining  of  Physical  and  Cyber  Domains 
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TECHNOLOGY  |  April  23,  2013,  2:19  p.m.  ET 

False  AP  Twitter  Message  Sparks  Stock-Market  Selloff 

BySHIRA  OVIDE 

The  Associated  Press  said  Tuesday  its  Twitter  account  was  compromised,  resulting 
in  a  false  message  on  the  service  that  explosions  in  the  White  House  had  injured 
President  Barack  Obama.  The  message  briefly  sparked  selloff  on  U.S.  stock  markets. 


JThe  Twitter  account  has  been  hacked,"  the  A&said  in  a  statement  Tues( 
tweet  about  an  attacK  on  tne  White  House  is  false." 

Other  Twitter  accounts  associated  with  Associated  Press  were  quick  to  < 
false  Twitter  message,  which  was  posted  just  after  1  p.m.  Eastern  time. : 
afterward,  the  news  organization's  main  Twitter  account  was  suspended 
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Reuters  News  Site  Hacked 


Article 


Comments  (7) 


REUTERS 


August  3  &  5,  2012 
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REUTERS 


EDITION:  U  S. 


BySHALINI  RAMACHANDRAN  A 

Thomson  Reuters  Corp.  said  Friday  that  its  blogging  platform  for  Reuters  News  was 
hacked,  resulting  in  multiple  false  posts  to  its  website,  including  a  fake  interview  with 
Syrian  rebel  army  leader 

"Reuters  did  not  carry  out  such  an  interview  and  the  posting  has  been  deleted."  the 
international  news  service  posted  Friday  on  Twitter. 

Reuters  didn't  release  any  details  about  who  was  responsible  for  the  attack.  "We  are 
working  to  address  the  problem."  a  spokeswoman  said  in  a  statement. 

According  to  Reuters,  a  false  blog  post  attributed  to  one  of  its  reporters,  contained  a 
interview  with  the  Free  Syrian  Army  leader  Riad  al-Asaad.  saying  that  his  forces  were 
going  to  retreat  from  Aleppo,  a  northern  Syrian  province,  after  encountering  the  Syrii 
army.  For  months,  the  Free  Syrian  Army  has  been  fighting  the  Syrian  government  for 
control  of  the  country. 

Reuters  said  the  Free  Syrian  Army  released  a  statement  saying  that  the  interview  ne 
took  place  and  blamed  Syrian  President  Bashar  al-Assad's  government  for  the  false 


Home  Business  ▼  Markets  ▼  Worlds  Politics  ▼  Tech^  Opinion  ▼  Breakingvi 


Reuters  Twitter  account  hacked,  false 
tweets  about  Syria  sent 

Recommend  D  74  recommendations.  Sign  Up  to  see  what  your  friends  recommend. 

Sun  Aug  5,  2012  8:19pm  EDT 

(Reuters)  -  Reuters  News  said  one  of  its  Twitter 
accounts  was  hacked  on  Sunday  and  false  tweets 
were  posted,  mainly  related  to  the  current  armed 
struggle  in  Syria. 

"Earlier  today  (gReutersTech  was  hacked  and  changed  to  igReutersME," 
said  a  spokesperson  for  Reuters,  which  is  owned  by  Thomson  Reuters 
CorpTO>.  'The  account  has  been  suspended  and  is  currently  under 
investigation." 


► 


The  incident  follows  the  company's  disclosure  that  the  blogging  platform  of 
the  Reuters  News  website  was  compromised  on  Friday  and  a  false  posting 
purporting  to  carry  an  interview  with  a  Syrian  rebel  leader  was  illegally 
posted  on  a  Reuters'  journalist's  blog. 

In  the  latest  incident  a  series  of  22  false  tweets  were  sent  purporting  to  be 
from  Reuters  News.  Some  of  the  tweets  also  carried  false  reports  about 
Syrian  rebel  losses  suffered  in  battles  with  Syrian  government  forces. 


Related  News 
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New  Applications 

Google’s  smart  contact  lens:  what  it  does 
how  it  works 


January  14th,  2014  1  ^  •  ■w-r 

09:32amet  Google  Steps  mto  Home 
Appliances  Trade 


Google  is  making  another  big  bet  on  hardware,  CNN's 
Christine  Romans  reports. 

The  search  giant  announced  Monday  that  it's  buying 
connected  device  maker  Nest  Labs  for  $3.2  billion  in  cash. 


Video:  Google  is  working  on  a  smart  contact  lens  prototype  that  monitors  glucose  levels  in  tears.  The  technology 
could  end  finger  pricks  for  diabetics.  It  still  needs  to  be  tested  and  proved  accurate  and  safe  to  win  FDA  approval. 

By  Hayley  Tsukayama,  Friday,  Januaiy  17, 10:13  E-mail  the  writer  ^ 
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Cooperation  (and  Information  Sharing) 


Is  it  getting  better? 


Key  Institutions  in  the  Cybersecurity  PPP  Landscape 
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Financial  Sector  Attacks,  Late  2012 


DDOS  attacks  targeted  major  banks  and  financial  institutions. 
Website  disruptions: 


•  Wells  Fargo 

•  PNC 

•  USBank 

•  Bank  of  America 

•  JP  Morgan  Chase 

•  Citigroup 

•  Others 
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Public-Private  Partnership  in  Action 


DHS,  NSA,  and  FBI  provided  on-request  support  to  organizations  that 
were  attacked. 

DHS  has  improved  its  capability  to  aid  the  attacked  organizations: 

•  Information  gathering,  analysis,  and  sharing 

•  Recommendations  for  mitigations 

•  Clarification  of  contact  points 


"A  year  ago,  quite  frankly,  the  capability  was  not  there.  We  did  not  hove  the 
capacity  to  collaborate  nearly  os  effectively  os  we  do  now.  I  won't  soy  that  it 
has  become  almost  proforma,  but  it's  become  a  lot  more  routine  for  how  we 
do  this  now  than  it  was  just  a  few  months  ago." 

—Mark  Weatherford,  DHS  Deputy  Undersecretary  for  Cybersecurity,  January  2013 
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A  Practical  Case  for  Situational  Awareness 


Figure  6:  Who  identifies  data  breaches 
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Many  organizations  devote  a  disproportionate  amount  of  time  and  money  to 
detection  methods  that  fall  below  the  1%  mark. 
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Discovery  Methods  vs.  Size 


Figure  44:  Discovery  methods 
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Recent  News 


A  US  A  TODAY 

A  GANNETT  COMPANY 

NEWS  SPORTS  UFE  MONEY  TECH  TRAVEL  OPINION  47*  SUBSCRIBE  Q 


JPMorgan  CEO:  Target  breach  is  a  wake-up  call 


Ken  Sweet ,  The  Associated  Press  2  f  1  p.m  EST  January  14  2014 


(Photo  Manuet  Bales  Ceneta,  AP) 


STORY  HIGHUGHTS 

•  CEO  Jamie  Dimon  says 
banks  and  retailers  must 
work  together  to  prevent 
cyber  theft 


•  JPMorgan  is  replacing  2 
million  credit  and  debit 
cards  due  to  the  breach  at 
Target 


•  Bank  is  the  world's  largest 
issuer  of  credit  cards 


SHARE  f64  Sp54  #7  C3 

CONNECT  TWEET  COMMENT  EMAa  MONE 

NEW  YORK  (AP)  —  More  Target-sized  security 
breaches  will  happen  if  banks  and  retail  stores  don't 
Start  working  together  to  further  protect  customers' 
data,  JPMorgan  Chase’s  CEO  Jamie  Dimon  said 
Tuesday. 

JPMorgan  has  replaced  2  million  credit  and  debit 
cards  as  a  result  of  the  Target  breach,  Dimon  said. 
That  number  is  expected  to  rise.  JPMorgan  Is  the 
world's  largest  issuer  of  credit  cards. 


[>  X 

3  Bureau  Credit  Score  (FREb) 
View  Your  Latest 
Credit  Scores  From 
Ali  3  Bureaus  in 
60  Seconds  For  $0 

CLICK  HERE! 

Free  Score 360 .  com 


Dimon  expects  that  cybercrimes  such  as  the  Target 
breach  will  become  more  common  if  retailers  and 
banks  do  not  work  on  security,  he  said. 

This  story  Is  not  over,  unfortunately,"  Dimon  said  In 
a  conference  call  with  investors  following  the  bank's 
fourth-quarter  earnings  announcement. 
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In  December,  Target  said  40  million  credit  and  debit 
card  accounts  —  including  customers'  card  numbers,  expiration  dates,  debit-card  PINs 
and  the  embedded  code  on  the  magnetic  strip  on  the  back  of  cards—  were  stolen  in  a 
data  breach  that  happened  between  Nov.  27  and  Dec.  15.  Last  week,  the  company 
disclosed  that  hackers  stole  an  additional  trove  of  data  affecting  70  million  people.  That 
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How  can  a  resilience  view  help? 
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Today’s  Preparedness  Planning 
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In  Closing 


Organizations  are  faced  with  an  ever  growing  iist  of  cyber  security 
demands  and  compiexities  for  a  variety  of  reasons: 

■  Complex  business  relationships  and  economic  pressures 

■  Legai  uncertainty  and  jurisdictional  issues 

■  incident  impacts  and  consequences  that  are  difficuit  to  predict 

■  . . .  among  many  others 

A  system  to  engineer  and  manage  enterprise  cyber  security  activities 
can  heip. 
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“The  oak  fought  the  wind  and  was  broken, 
the  willow  bent  when  it  must  and  survived.” 

Robert  Jordan,  The  Fires  of  Heaven 
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Introduction  to  the  CERT  Resilience  Management  Model 

February  18  -  20,  2014  (SEI,  Arlington,  VA) 

June  17-19,  2014  (SEI,  Pittsburgh,  PA) 

See  Materials  Widget  for  course  document 
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